friofry
Contributor

@friofry friofry commented Oct 1, 2025

fixes #6972
Allow isolated state management per dapp (Dapp browser, chrome extension, wallet-connect)

Database:

  • Added migration to include client_id column with composite PRIMARY KEY (url, client_id). Existing records migrated with client_id = '' for backward compatibility.

API:

  • Added ClientID field to RPCRequest, ConnectorDApp, DApp
  • Updated commands
  • DefaultClientID constant for backward compatibility. Old clients (browser extension) automatically use empty string "".


@Copilot Copilot AI left a comment


Pull Request Overview

This PR adds ClientID support to the connector system, enabling isolated state management per DApp client (Dapp browser, Chrome extension, wallet-connect).

Key changes include:

  • Database migration to add client_id column with composite PRIMARY KEY (url, client_id)
  • API updates to include ClientID field in relevant structs and function signatures
  • Backward compatibility support for existing clients using empty string as default client ID

Reviewed Changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| walletdatabase/migrations/sql/1759312232_add_client_id_to_connector_dapps.up.sql | Migration script to add client_id column and composite primary key |
| signal/events_connector.go | Added ClientID field to ConnectorDApp struct |
| services/connector/database/persistence.go | Updated database operations to use URL+ClientID composite key |
| services/connector/database/persistence_test.go | Added comprehensive tests for multi-client scenarios |
| services/connector/commands/*.go | Updated all command handlers to use ClientID in database operations |
| services/connector/api.go | Modified API methods to accept and use ClientID parameter |


@status-im-auto
Member

status-im-auto commented Oct 1, 2025

Jenkins Builds

Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ 11f3882 #1 2025-10-01 10:15:23 ~3 min macos/status-go 📦zip
✔️ 11f3882 #1 2025-10-01 10:15:47 ~3 min linux/status-go 📦zip
✔️ 11f3882 #1 2025-10-01 10:19:13 ~6 min windows/status-go 📦zip
✔️ 11f3882 #1 2025-10-01 10:22:27 ~10 min linux/nwaku 📦zip
✔️ 11f3882 #1 2025-10-01 10:22:54 ~10 min tests-rpc 📄log
✔️ 11f3882 #1 2025-10-01 10:38:51 ~26 min tests 📄log
✔️ 6a7f16c #2 2025-10-01 12:43:14 ~3 min macos/status-go 📦zip
✔️ 6a7f16c #2 2025-10-01 12:43:20 ~3 min linux/status-go 📦zip
✔️ 6a7f16c #2 2025-10-01 12:47:44 ~7 min windows/status-go 📦zip
✔️ 6a7f16c #2 2025-10-01 12:49:54 ~9 min linux/nwaku 📦zip
✔️ 6a7f16c #2 2025-10-01 12:57:02 ~16 min tests-rpc 📄log
✖️ 6a7f16c #2 2025-10-01 13:07:21 ~27 min tests 📄log
✔️ 9ceeeea #3 2025-10-06 12:25:45 ~3 min macos/status-go 📦zip
✔️ 9ceeeea #3 2025-10-06 12:26:35 ~4 min linux/status-go 📦zip
✔️ 9ceeeea #3 2025-10-06 12:29:17 ~6 min windows/status-go 📦zip
✔️ 9ceeeea #3 2025-10-06 12:33:01 ~10 min linux/nwaku 📦zip
✔️ 9ceeeea #3 2025-10-06 12:33:26 ~10 min tests-rpc 📄log
✔️ 9ceeeea #3 2025-10-06 12:49:45 ~27 min tests 📄log
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ afae65c #4 2025-10-06 15:25:39 ~3 min macos/status-go 📦zip
✔️ afae65c #4 2025-10-06 15:26:18 ~4 min linux/status-go 📦zip
✔️ afae65c #4 2025-10-06 15:28:50 ~6 min windows/status-go 📦zip
✔️ afae65c #4 2025-10-06 15:33:36 ~11 min linux/nwaku 📦zip
✔️ 4b0b6d6 #5 2025-10-06 15:29:36 ~3 min macos/status-go 📦zip
✔️ 4b0b6d6 #5 2025-10-06 15:30:22 ~3 min linux/status-go 📦zip
✔️ 4b0b6d6 #5 2025-10-06 15:35:12 ~6 min windows/status-go 📦zip
✔️ 4b0b6d6 #5 2025-10-06 15:41:19 ~14 min tests-rpc 📄log
✔️ 4b0b6d6 #5 2025-10-06 15:45:15 ~11 min linux/nwaku 📦zip
✔️ 4b0b6d6 #5 2025-10-06 15:59:58 ~33 min tests 📄log


codecov bot commented Oct 1, 2025

Codecov Report

❌ Patch coverage is 95.45455% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.53%. Comparing base (d7310c5) to head (4b0b6d6).
⚠️ Report is 2 commits behind head on develop.

Files with missing lines Patch % Lines
services/connector/api.go 66.66% 3 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #6973      +/-   ##
===========================================
+ Coverage    55.44%   59.53%   +4.08%     
===========================================
  Files          832      834       +2     
  Lines       120083   120115      +32     
===========================================
+ Hits         66584    71513    +4929     
+ Misses       46530    41325    -5205     
- Partials      6969     7277     +308     
Flag Coverage Δ
functional 32.59% <60.60%> (?)
unit 55.42% <84.84%> (-0.03%) ⬇️


Files with missing lines Coverage Δ
services/connector/commands/accounts.go 80.00% <100.00%> (ø)
services/connector/commands/chain_id.go 60.86% <100.00%> (ø)
services/connector/commands/client_handler.go 72.61% <100.00%> (+13.63%) ⬆️
services/connector/commands/request_accounts.go 82.85% <100.00%> (+1.03%) ⬆️
services/connector/commands/revoke_permissions.go 75.00% <100.00%> (+1.08%) ⬆️
services/connector/commands/rpc_traits.go 76.92% <ø> (ø)
services/connector/commands/send_transaction.go 47.50% <100.00%> (+23.44%) ⬆️
services/connector/commands/sign.go 76.92% <100.00%> (+0.45%) ⬆️
...rvices/connector/commands/switch_ethereum_chain.go 71.18% <100.00%> (+5.08%) ⬆️
services/connector/commands/test_helpers.go 100.00% <100.00%> (ø)
... and 5 more

... and 201 files with indirect coverage changes

@friofry friofry changed the title feat(connector)_: add ClientId feat(connector): add ClientId Oct 1, 2025
Comment on lines 130 to 132
    if args.ClientID == "" {
        args.ClientID = DefaultClientID
    }
Collaborator

I think we must not do this, as it introduces a vulnerability.

Examples

Imagine this case:

  1. User permits OpenSea dApp with WalletConnect
  2. The application is running and exposing the connector service to localhost
  3. Now any local app can connect to localhost:8586 with ClientID: wallet-connect, and no UI popup will appear.

Transactions would still require manual approval, but at least the list of accounts will be available this way.

Proposal

ClientID should not be set by the client, but only by status-go / status-desktop.

So we must set ClientID inside a "secure environment":

  • inside status-go - knowing that the connection is coming from HTTP/WS
  • inside status-desktop (coming from CallRPC) - we trust it, because the C-bindings connection is secure enough.

So I think it's closer to ConnectionType rather than ClientID.

A problem

There might still be a clash between some constant httpClientID = "http-client" that we define in status-go and an arbitrary string coming from status-desktop.

We can control status-desktop client ids, but we can't control all other potential clients of status-go.

So not sure how we should go with this 🤔
Perhaps it's ok if we just define the forbidden constant in status-go docs.

Contributor Author

I agree – passing clientId directly looks like a vulnerability. It would be best to set the clientId (connection-type) at the moment the connection is created.

I think clientId is still useful because the desktop C-bindings (will) expose both wallet-connect and dapp-browser.

Proposed approach:

  • http/ws creates a connection with connection-type="http/public", possibly with a pre-defined clientId.
  • For status-desktop use connection-type="desktop/secure".
  • In the *v2 methods we will allow the caller to pass a clientId. The connector will respect the clientId only when the connection type is secure.

In other words, use connection-type for general protection and clientId for state isolation per client.

Additionally, I'd add a session identifier to the Login response so that an established connection can't be hijacked by another application.

Contributor Author

added a fix
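
A sketch of the approach discussed in this thread, as an added example that is not the project's code and not the fix that was pushed: the connection type is fixed by the server when the transport is created, and a caller-supplied clientId is honoured only on the secure connection. All type, function and variable names are hypothetical, the map stands in for the (url, client_id) table, and the dapp URL and account are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// ConnType is assigned by the server when the transport is created, never read from the request.
type ConnType string

const (
	ConnPublic   ConnType = "http/public"    // HTTP/WS listener on localhost
	ConnSecure   ConnType = "desktop/secure" // in-process C-bindings (CallRPC)
	httpClientID          = "http-client"    // reserved for public connections
)

var ErrReservedClientID = errors.New("client id reserved for public connections")

// EffectiveClientID decides which client id keys the permission lookup.
func EffectiveClientID(conn ConnType, requested string) (string, error) {
	if conn != ConnSecure {
		return httpClientID, nil // caller-supplied value is ignored
	}
	if requested == httpClientID {
		return "", ErrReservedClientID // avoids the clash with the reserved id
	}
	return requested, nil // "" keeps the legacy default (assumption)
}

// dappKey and Store mimic the (url, client_id) composite key from the migration.
type dappKey struct{ url, clientID string }
type Store map[dappKey][]string

// Accounts returns the shared accounts, or ok=false when a UI approval is still needed.
func (s Store) Accounts(conn ConnType, url, requested string) (accts []string, ok bool, err error) {
	id, err := EffectiveClientID(conn, requested)
	if err != nil {
		return nil, false, err
	}
	accts, ok = s[dappKey{url, id}]
	return accts, ok, nil
}

func main() {
	// Constructed state: the user approved this dapp over WalletConnect only.
	s := Store{{"https://dapp.example", "wallet-connect"}: {"0xA11CE"}}
	_, pub, _ := s.Accounts(ConnPublic, "https://dapp.example", "wallet-connect")
	_, sec, _ := s.Accounts(ConnSecure, "https://dapp.example", "wallet-connect")
	fmt.Println("public caller sees accounts:", pub, "| secure caller sees accounts:", sec)
}
```

A request on the public connection that names wallet-connect is looked up under the reserved id, so it finds no stored permission and falls back to the approval prompt.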

@friofry friofry force-pushed the ab/issue-6972-connector-client-id branch from 6a7f16c to 9ceeeea Compare October 6, 2025 12:22
@friofry friofry force-pushed the ab/issue-6972-connector-client-id branch from afae65c to 4b0b6d6 Compare October 6, 2025 15:26
Development

Successfully merging this pull request may close these issues.

Connector: add ClientId for independent state management
